Cyber security BIMCO guidelines

Assessing compliance with the BIMCO guidelines

Overview

Over the last few years BIMCO (Baltic and International Maritime Council) has played a key role in researching the potential risks posed by the increasing use of technology onboard ships. In July 2017 BIMCO, together with other leading shipping organisations, launched a set of cyber security guidelines for ships to help the global shipping industry prevent major safety, environmental and commercial issues that could result from a cyber incident onboard a vessel.

Our approach

In response to the release of the second version of “The Guidelines on Cyber Security Onboard Ships” by BIMCO (July 2017), LR has created a cost-effective approach to assessing compliance with the BIMCO guidelines, which are heavily based on the National Institute of Standards and Technology (NIST) framework. Evaluating cyber security threats is the first step recommended by BIMCO and NIST when approaching the cyber security posture of a maritime organisation. Thanks to the recent acquisition of Nettitude, we are able to offer a comprehensive framework for the threat assessment and risk management of both office fleet management and vessels.

What we offer

Threat Intelligence Services

Threat assessment and threat modelling are vital tools in providing relevant and effective security activities. As highlighted in the BIMCO framework, until you know where your threats are coming from and what vulnerabilities or weaknesses exist, you will not know where to apply controls. We can help you make sense of all this information in pragmatic workshops and can also help to implement an active and relevant risk methodology consistent with the BIMCO requirements.

Risk assessment

We can provide experienced senior information security consultants onsite to raise the understanding and profile of risk around data and systems by assessing the security posture of shipping organisations to determine an appropriate strategy and action plan for improvement.

Cyber security procedures audit

We can undertake an audit of cyber security procedures based at your HQ. The audit would be undertaken by an ISO 27001-qualified auditor. Its scope will be agreed with you and will be based on a selection of agreed controls, as opposed to every control. This will ensure that the audit can be completed in a relatively short timeframe.

Onboard audit

The main aim of the onboard audit is to determine the ship’s compliance with the BIMCO guidelines, and to determine the effectiveness of the ship’s security measures, policies, procedures and preparedness for cyber-related incidents. As output from this activity, we will provide a full report of the findings with recommendations and a roadmap for improvement and compliance with the chosen BIMCO compliance level.

Vulnerability assessment or Penetration Testing

Vulnerability assessment can be delivered on computer-based systems (navigation, cargo control, power management, communication, etc.), ship networks and any automation on board the selected vessel(s). If a specific goal is identified, penetration testing can also be performed. Penetration testing is the attempt to actively exploit weaknesses in the environment from the perspective of an attacker with direct access to the network being tested.

Why choose LR?

We provide independent assurance and expert advice to companies operating high-risk, capital intensive assets in the marine, energy and transportation sectors, and we have a unique insight into ship and cyber security. We know both the operational technology systems that drive performance and the information technology platforms. We understand the changing regulations being faced by the industry and we know how to deliver a cost-effective solution while reducing our clients’ vulnerability to cyber threats. Our work helps to ensure that your assets and processes are secure, safe, sustainable and compliant with the regulations.